Windows security

ELIMINATOR

I have recently installed AVG anti virus after having probs with Norton anti virus.
Question, the Norton firewall is due for renewal, am I OK just using the firewall within the Windows security center?

Once Norton has expired I will uninstall, as I assume this is all on the system and makes the start up slower if I leave it in the PC?
Although I will wait to see if I get the £30 refund first!

Girlfriend just said to me after me reading comments on other threads about modems?????? Does Wanadoo broadband have some built in protection? ref. firewall or anything else for that matter???

An amoeba is more computer literate than me.
 
Hi, In my opinion [I manage 100 computers and the network for a legal company], I think it is very very inadvisable to run two different antivirus/firewall products on the machine at the same time.

I personally would not do it.

I am on ADSL at home and I have a USB ADSL modem attached to a PC running Smoothwall.
I have the paid version, however there is a free public domain version. The network card in this PC is connected to a hub and my computer is connected to the hub. So my little local area network is completely isolated from the internet. The PC running the firewall is an old P2 266 Meg that I had lying around. I use NOD32 as an Antivirus product and I also run the new Microsoft AntiSpyware Version: 1.0.509 product which on tests was the most efficient at countering Spyware threats of any of the Anti Spyware products around.

I am not paranoid, just careful!!

Rgds

Chris
 
themadprofessor said:
Hi, In my opinion [I manage 100 computers and the network for a legal company], I think it is very very inadvisable to run two different antivirus/firewall products on the machine at the same time.

I personally would not do it.

I am on ADSL at home and I have a USB ADSL modem attached to a PC running Smoothwall.
I have the paid version, however there is a free public domain version. The network card in this PC is connected to a hub and my computer is connected to the hub. So my little local area network is completely isolated from the internet. The PC running the firewall is an old P2 266 Meg that I had lying around. I use NOD32 as an Antivirus product and I also run the new Microsoft AntiSpyware Version: 1.0.509 product which on tests was the most efficient at countering Spyware threats of any of the Anti Spyware products around.

I am not paranoid, just careful!!

Rgds

Chris

Just loaded up Microsoft AntiSpyware. I see it's a Beta version. Looks like a better 'deal' than the Spybot I'm currently using.

It's turned up a crock load of stuff already and it ain't finished yet :eek:
 
Yup the review gave it top marks when it was still "Giant software" - Microsoft saw that, liked it so much that they bought it :-) :-)

If you examine the properties of a number of the .dlls in it you will see the references to Giant software.

Apparently what I hear is that it will still be free to domestic users when it goes out of beta in July but chargeable to corporate users.

Chris.
 
themadprofessor said:
Yup the review gave it top marks when it was still "Giant software" - Microsoft saw that, liked it so much that they bought it :-) :-)

If you examine the properties of a number of the .dlls in it you will see the references to Giant software.

Apparently what I hear is that it will still be free to domestic users when it goes out of beta in July but chargeable to corporate users.

Chris.

Goodun, thanks for that Chris :beerjug:
 
Free firewall

ZoneAlarm is a free firewall that you can download from the web.

I have been using it for a few years and it is very easy to set up, you just decide which programmes have access to the web and it does the rest.

Get it here

:thumb
 
Hi,

My two penny worth.

I don't like these software firewalls like Zone Alarm and Norton firewall.

To connect the Internet directly to your PC and have the firewall software running on it, is like having the front door open and allowing the burglar into your house. Then trying to chuck him out after he is in your hall way.

I prefer having a separate firewall which in my view is like having the gate barred and repelling the burglar at the bottom of the drive. These days I think anyone should be able to find an old Pentium or even 486 computer which they could attach their ADSL or dial up modem to run any number of free software firewalls like Smoothwall, IPcop etc., and make certain that the bad stuff is kept at arm's length from your PC.

Just my opinion.

Chris
 
Re uninstalling Norton - Good Luck! It's not quite that easy :mad:

I've recently dumped it completely as, although I could "turn off" the features I didn't want (as I was using other products) the features remained active and were screwing up my system.

Best to get yourself copies of all the alternative s/w you need, disconnect from the net, disable all the Norton stuff, then use Control Panel/Add_Remove Programs to start the uninstall process.

Once (if?) that completes successfully, there is another file to download from the Symantec site to remove all(?) the registry entries that remain.

Have a Google search on "uninstall norton" or similar and see what it turns up.

Oh, don't forget to install and enable all the replacement programs before reconnecting to the net!

Iain
 
themadprofessor said:


To connect the Internet directly to your PC and have the firewall software running on it, is like having the front door open and allowing the burglar into your house. Then trying to chuck him out after he is in your hall way.

I prefer having a separate firewall which in my view is like having the gate barred and repelling the burglar at the bottom of the drive. These days I think anyone should be able to find an old Pentium or even 486 computer which they could attach their ADSL or dial up modem to run any number of free software firewalls like Smoothwall, IPcop etc., and make certain that the bad stuff is kept at arm's length from your PC.

Just my opinion.

Chris

It makes little difference whether the firewall is running local or remotely except for the processing overhead if running local. In some cases local can often be better in systems which are not properly administered. Properly administered means having a good level of knowledge about IP protocols & the ports on which they run, amongst other things.

All firewalls will HELP stop intrusion into the system. Running a local firewall which checks incoming & outgoing traffic (not XP though, this checks incoming traffic only) will HELP stop trojan activity, while running remotely is unlikely to stop it as by default if a connection to the Internet is attempted from a trusted computer (usually any machine within the firewalled network) it will be allowed. Unless of course your competent firewall administrator has already blocked the requisite outgoing IP ports on the remote firewall because he is aware of the trojan which uses that particular port or port range.

Tunnelling 'nasties' over HTTP or SMTP & other protocols used in normal Internet connections is extremely trivial. This is often how trojans infect machines.

If you allow any internal system to connect to any external system, then a firewall (internal or external) will provide no protection from this vector of attack, as the connection is seen as lawful.


Don't use IM, IRC or P2P type connections in public forums, always run a decent firewall, whether local or remote, an up-to-date anti-virus application, & a spyware application should see you reasonably protected, but you have to remember to keep this stuff UP-TO-DATE & understand when to allow/deny when prompted by these applications. Trust no one. Important. Don't open attachments to e-mails unless you are expecting them & know who they are from.

--

Simon
 
Whilst I will agree that a PC based firewall may provide a certain protection against the user browsing to a malicious web site that opens an exploit in an Internet Explorer window. However will the user realise what is going on and click the correct response button in the pop-up window from the firewall that informs them the "X" programme is trying to do "Y"? The firewalls that I use block all incoming attempts to connect to the PC unless they are a direct response to someone on the PC clicking on a link. The Anti Virus I use has a web filter that sifts all material downloaded from the Internet for malicious content and blocks it from even being written to disk.

I still contend that having the block on a separate machine is safer than letting the potential maliciousness get a foothold on the actual PC.

You only have to consider the actions of many of the recent threats [viruses/trojans] that attempted to shut down most of the well known Anti Virus programmes and firewalls immediately they were downloaded.
This is another reason why I use a slightly less well known AV which so far is not popular enough to attract the attention of the virus writers. It still does get good reviews.

Chris
 
It is not the traffic initiated from external to the network which is important, this is by default blocked unless specifically allowed, it is what happens when an internal connection to external is initiated. This is by default allowed unless specifically blocked as the internal system is generally considered trusted & therefore safe.

There is a difference between how a network professional will approach the problem in comparison to the average home user.

Two scenarios for Mr & Mrs Average Internet user

1st scenario (External Firewall)
Trojan lurking on machine which has not been detected by your out-of-date anti-virus software (since the beginning of February there have been 137 new virus signatures detected so those who update once every twenty four hours are potentially opening themselves up to infection of an average four new virus per day before update). The trojan arrived by opening an email attachment. The trojan then initiates an external connection via the external firewall. The external firewall sees this as allowed traffic as the traffic is coming from a trusted source, your computer, & therefore happily allows the conversation to take place. If the external firewall is logging it will be logged but someone has to read & analyse these logs sometime, maybe, never!!!. By the time someone has seen this logged activity how long has it been going on? 1 minute, 1 hour, 1 day, 1 week, 1 month... get the picture.

2nd scenario (Local Firewall)
Exactly same except firewall is local. Trojan tries to initiate an external connection. Local firewall intercepts and queries whether you have initiated this connection. At least this way you have an immediate indication of the activity taking place allowing you to choose to allow/disallow, unlike the previous scenario which could mean the connection never being detected.

As a normal home user the local firewall is the safer option.

Local & external would be better.

--

Simon
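
The gap both of Simon's posts describe, outbound traffic that the external firewall allows and logs but nobody reads, can be narrowed by summarising the log automatically. This is an added example, not part of the original thread; the log format, LAN prefix and port allowlist are constructed assumptions, not the output of any real firewall product.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (assumed format, not any real firewall's output).
# Fields: timestamp action src_ip dst_ip dst_port proto
SAMPLE_LOG = """\
2005-02-20T09:00:05 ALLOW 192.168.0.10 203.0.113.5 80 tcp
2005-02-20T09:00:07 ALLOW 192.168.0.10 203.0.113.9 443 tcp
2005-02-20T09:14:30 ALLOW 192.168.0.10 198.51.100.77 6667 tcp
2005-02-20T13:14:31 ALLOW 192.168.0.10 198.51.100.77 6667 tcp
2005-02-21T09:14:33 ALLOW 192.168.0.10 198.51.100.77 6667 tcp
2005-02-20T10:02:11 ALLOW 192.168.0.11 192.0.2.25 25 tcp
2005-02-20T10:05:00 DENY 203.0.113.200 192.168.0.10 135 tcp
malformed line
"""

INTERNAL_PREFIX = "192.168.0."           # assumed LAN range
EXPECTED_PORTS = {25, 53, 80, 110, 443}  # assumed allowlist: mail, DNS, web

def review_egress(log_text, internal_prefix=INTERNAL_PREFIX, expected=EXPECTED_PORTS):
    """Return allowed LAN-to-Internet flows on ports outside the allowlist."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip lines that do not match the assumed format
        ts, action, src, dst, port, _proto = parts
        try:
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
            port = int(port)
        except ValueError:
            continue
        # Only traffic the firewall let out from a "trusted" internal host matters here.
        if action != "ALLOW" or not src.startswith(internal_prefix):
            continue
        # A port allowlist cannot see anything tunnelled over HTTP or SMTP.
        if dst.startswith(internal_prefix) or port in expected:
            continue
        flows[(src, dst, port)].append(when)
    # One finding per flow, with how long it has been going on unnoticed.
    return [
        {"src": s, "dst": d, "port": p, "count": len(t),
         "first_seen": min(t), "active_for": max(t) - min(t)}
        for (s, d, p), t in sorted(flows.items())
    ]

if __name__ == "__main__":
    for f in review_egress(SAMPLE_LOG):
        print(f"{f['src']} -> {f['dst']}:{f['port']} x{f['count']}, "
              f"first seen {f['first_seen']}, active for {f['active_for']}")
```
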
 
I think both approaches have merit, and it would depend upon the circumstances in either case. Home PC's and networks have different needs to the corporate world.

Both the scenarios outlined above can easily be circumvented whether by incorrect firewall setup or lack of user knowledge. What you really need is a set of tools and technologies.

My 0.02 for home use...

* A router. With or without a built in firewall this already provides you protection by logically separating you from the internet. No one can connect to your PC directly unless you have either setup the router with port forwarding, DMZ, UPnP etc. The only time anything can connect to you is when you connect to them first.

* Anti-Virus. My preferred choice is Trend, but I use AVG as it's free. I don't agree with the previous poster on the number of viruses etc, the logic is flawed.

* Anti Spyware. Not used the M$ version, but Adaware from lavasoft seems to be very effective at picking up malicious software. Again this is free.

* Personal Firewall. The final link in the chain. For home use I would not be without a personal firewall. Zonealarm is the tool of choice here, again free.

* Windows Update. This is absolutely key TBH. You must ensure that your Windows computer is up to date with Microsoft patches and service packs. This is a straight forward job, and even easier if you're using Win2kSP4 or XP as you can set it to automatically download and install them for you as and when they become available. The majority of internet worms infect PC's because they exploit a vulnerability in the Windows software.

Final note..... keep away from these all-in-one wonder tools like Norton et al. It is far simpler and more reliable to use specialist tools like those above than a single jack of all trades solution which will cause havoc on your system.
 
mikeh501 said:

* Anti-Virus. My preferred choice is Trend, but I use AVG as it's free. I don't agree with the previous poster on the number of viruses etc, the logic is flawed.


As someone who deals with the security of networks every day of my working life I know that there have been at least 137 new virus or variants of existing virus since the beginning of February. That is why my corporate networks are virus updated on average three to four times a day when new virus signatures are released by the AV company I use which is probably the industry leader in AV technology. Sophos. Check out the flawed logic for yourself

http://www.sophos.com/downloads/ide/

See how many individual ide files have been issued since the beginning of February. (the ide is a signature file for a virus or virus family).

In the four years I have been using Sophos in the corporate world I have never, ever, had any issues with virus infection but there again I wouldn't expect to as the Sophos solution costs multi-thousand quid & I administer & monitor it, against zilcho for the freebie or cheap Norton type AV solutions which often miss detection of some virus & are not supported at the same level.

I have a choice & I know which one I would use to protect my network, whether home or corporate.

I also use this at home as corporate sophos users are licensed for home use as well. Ask your IT department if they use Sophos as they may be able to supply it for home use.

--

Simon
 
Trojan lurking on machine which has not been detected by your out-of-date anti-virus software (since the beginning of February there have been 137 new virus signatures detected so those who update once every twenty four hours are potentially opening themselves up to infection of an average four new virus per day before update)....

Ok, I don't dispute the fact that X number of viruses have been found on the internet, this doesn't mean that you are going to receive them. That's how your logic is flawed.

In addition the vast majority of viruses which people receive are the same. See this link from your favourite vendor Sophos. As you can see 5 of the top 10 viruses found in an entire year are variants on the same virus and the top 10 account for 80% of all viruses reported.

If you look closely at viruses listed they pretty much all share a couple of common factors. They either utilise an existing hole in Windows (see unpatched PC's above) or come in an e-mail as an executable type attachment, which is easily stripped out by any self respecting mail server, AV or even Outlook, which strips all executable attachments.

...The trojan arrived by opening an email attachment. The trojan then initiates an external connection via the external firewall. The external firewall sees this as allowed traffic as the traffic is coming from a trusted source, your computer, & therefore happily allows the conversation to take place....

This isn't the case on a corporate network. If it is on yours then you should perhaps have a rethink as it is bad practice.
 
Well guys most of that went over my head, but thanks anyway.

So what is the best free firewall? Or just use the windows security centre, brief answers please, without all the wheres & whyfores??
 
ELIMINATOR said:
Well guys most of that went over my head, but thanks anyway.

So what is the best free firewall? Or just use the windows security centre, brief answers please, without all the wheres & whyfores??

Zonealarm
 
Sygate Personal Firewall http://smb.sygate.com/products/spf_standard.htm

Microsoft Antispyware http://www.microsoft.com/athome/security/spyware/software/default.mspx

Your favourite antivirus software, not Norton if you can help it.

If you are using ADSL I recommend using a Draytek 2600Plus as a router/switch including excellent firewall. If you want WiFi as well then go for the 2600G (recommended, I use one).

http://www.draytek.co.uk/products/products.html

This lot should keep you safe & secure as long as you keep everything up-to-date including any OS patches/hotfixes if you are using Windows products.

--

Simon
 
I use Sophos on two networks I run.

I find the Enterprise Manager a very handy tool.

I use Sybari Antigen on our Exchange Servers. I am now just a bit worried whether the recent take over by Microsoft may damage the product which presently I am extremely happy with.

Mr Grinch - I agree about the domestic users, and firewalls and general failure to keep their systems up to date.

I use the corporate version of Smoothwall and also use an add on called Guardian. This filters all web traffic, and allows the administrator to choose the type of content to block. Thus all executables, scripts and non business related file types are blocked, as are all webmail accesses. Some users don't like it - however I won over the MD to my side and it is now a disciplinary offence to be found accessing or attempting to access webmail during working hours.

In the Antigen - I also have strict rules set up and the only attachments that are permitted are standard Office type documents. Sadly also the most dangerous. :-)

Chris
 
Sorry can't help. I only run Macs and FreeBSD -
no spyware, no viruses equal no problem.:P
 

